CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Tcl (Tool Command Language) provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. When paired with the Tk toolkit, Tcl provides a fast and powerful way to create cross-platform GUI applications.

Two denial of service flaws were found in the Tcl regular expression handling engine. If Tcl or an application using Tcl processed a specially-crafted regular expression, it would lead to excessive CPU and memory consumption. (CVE-2007-4772, CVE-2007-6067)

This update also fixes the following bug:

* Due to a suboptimal implementation of threading in the current version of the Tcl language interpreter, an attempt to use threads in combination with fork in a Tcl script could cause the script to stop responding. At the moment, it is not possible to rewrite the source code or drop support for threading entirely. Consequent to this, this update provides a version of Tcl without threading support in addition to the standard version with this support. Users who need to use fork in their Tcl scripts and do not require threading can now switch to the version without threading support by using the alternatives command. (BZ#478961)

All users of Tcl are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01420154
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
lists.opensuse.org/opensuse-security-announce/2008-02/msg00000.html
rhn.redhat.com/errata/RHSA-2013-0122.html
secunia.com/advisories/28359
secunia.com/advisories/28376
secunia.com/advisories/28437
secunia.com/advisories/28438
secunia.com/advisories/28454
secunia.com/advisories/28455
secunia.com/advisories/28464
secunia.com/advisories/28477
secunia.com/advisories/28479
secunia.com/advisories/28679
secunia.com/advisories/28698
secunia.com/advisories/29638
security.gentoo.org/glsa/glsa-200801-15.xml
securitytracker.com/id?1019157
sourceforge.net/project/shownotes.php?release_id=565440&group_id=10894
sourceforge.net/tracker/index.php?func=detail&aid=1810264&group_id=10894&atid=110894
sunsolve.sun.com/search/document.do?assetkey=1-26-103197-1
sunsolve.sun.com/search/document.do?assetkey=1-66-200559-1
www.debian.org/security/2008/dsa-1460
www.debian.org/security/2008/dsa-1463
www.mandriva.com/security/advisories?name=MDVSA-2008:004
www.postgresql.org/about/news.905
www.redhat.com/support/errata/RHSA-2008-0038.html
www.redhat.com/support/errata/RHSA-2008-0040.html
www.securityfocus.com/archive/1/485864/100/0/threaded
www.securityfocus.com/archive/1/486407/100/0/threaded
www.securityfocus.com/bid/27163
www.vupen.com/english/advisories/2008/0061
www.vupen.com/english/advisories/2008/0109
www.vupen.com/english/advisories/2008/1071/references
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=478961
exchange.xforce.ibmcloud.com/vulnerabilities/39498
issues.rpath.com/browse/RPL-1768
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10235
usn.ubuntu.com/568-1/
www.redhat.com/archives/fedora-package-announce/2008-January/msg00397.html
www.redhat.com/archives/fedora-package-announce/2008-January/msg00469.html